Use both NTLM and Anonymous authentication with IIS

Point '^accounts/login/$' or whatever your custom login path is to the 'negotiate_ntlm' view.

This allows you to keep anonymous authentication enabled on IIS and easily lock down just the parts of the site you need to (e.g. admin).

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

"""auth.py"""fromdjango.contrib.authimportREDIRECT_FIELD_NAMEfromdjango.httpimportHttpResponse,HttpResponseRedirectclassHttpResponseNotAuthorized(HttpResponse):status_code=401def__init__(self,*args,**kwargs):HttpResponse.__init__(self,*args,**kwargs)self['WWW-Authenticate']='NegotiateNTLM'defnegotiate_ntlm(request,content='You are not authorized to access this website.',redirect_field_name=REDIRECT_FIELD_NAME):redirect_to=request.REQUEST.get(redirect_field_name,'/')ifrequest.user.is_authenticated():returnHttpResponseRedirect(redirect_to)else:returnHttpResponseNotAuthorized(content)